The present invention relates to systems for providing data security on a network. In particular, the present invention relates to a key management system using a network interface card to provide control of information and flow on a network.
In an environment in which methods of transmitting information are increasingly public and intertwined, protecting sensitive information has become critically important. Ensuring confidentiality, privacy, and restricted access are primary concerns of both government and private organizations. Traditional methods of providing sufficient levels of security lag behind current needs and threaten to block implementation of new information and communication technologies. Furthermore, many methods currently being offered suffer in one or more of the following areas:
Require extremely large investments. While several secure network gateways, interface and VPN devices are available, most are so costly as to exclude them from consideration in all but the most critical applications. It is not uncommon to find devices that would be required at every workstation at a cost of several thousand (and, at times, several tens of thousands of) dollars per unit. Furthermore, most of these devices provide single functionality and must be physically removed or detached for any reconfiguration (providing little "bang for the buck").
Inflexibility. Many current devices provide little if any flexibility in their use, while others offer some flexibility but with varying degrees of difficulty. VPNs either cannot be "re-keyed" to multiple, secure "conferences" or "logical networks", or can only be re-keyed by physically removing or detaching the device. Very few if any provide the ability for a single user or workstation to communicate with multiple VPNs or to communicate through both secure and unsecure channels. Cryptographic algorithms are often pre-loaded and typically cannot be selected dynamically.
Limited Functionality. Most current devices are intended to provide one or two functions, often for a single application. A device may provide data privacy but not access control or data separation. Some provide user authentication but cannot verify the authenticity of data received or of the apparent sender, while others do the opposite. Many work only in a Type 1 classified environment, while others can be used only for sensitive but unsecure information.
Extensive Network Infrastructure. Many (if not most) designs for protecting data-in-transit focus on securing the channels of communication rather than the information being communicated. These types of designs require, a priori, that all points between the originator and intended recipient of the data maintain the secure channel. Therefore, specialized hardware and/or software is required throughout the network, presenting extensive maintenance challenges and considerable cost. Furthermore, since these designs introduce multiple points of potential failure, considerably more hardware and maintenance efforts are needed for secondary backup systems, further complicating network design and inflating both initial and ongoing costs.
Extensive Key Management Infrastructure. Many designs require server-based certificate, user, and/or key directories and complicated systems for distribution, replication, authentication, and verification. Such systems are not only complicated to design and implement, but are also susceptible to load and performance requirements.
If government and commercial organizations are going to be able to exploit the increasingly open networks and technologies, better methods of protecting the information sent through these networks are clearly needed. Although it is not believed that any one technology or any one application of technologies will provide a single complete solution for protecting data in transit, the use of a Constructive Key Management (CKM) system (see U.S. patent application Ser. No. 09/023,672) on a Network Interface Card (NIC) is capable of solving many of the existing challenges for a considerable number of potential applications.
It is an objective of the present invention to provide a CKM-enabled network interface card with all of the following capabilities:
Protects the privacy of any or all information being sent from a workstation through a network;
Is compatible with the most frequently-used hardware and operating systems;
Restricts access to transmitted data to receivers who share specified role-based credentials (applies implicitly through a system of defaults, or explicitly by the user or through an API);
Is designed to be usable by the maximum number of users for any data transmitted over the most widely installed network types;
Enforces security policies established by the user's organization;
Operates in a mode that is transparent to users, but which may still be controlled by users (within limits established by security administrators);
Operates in a manner that does not disrupt the data stream and which does not alter performance significantly;
Provides the ability to establish Multiple Dynamic Virtual Private LANs;
Is client-based, requiring no centralized authentication;
Provides key-management and distribution resources that are distributable and that require no run-time server access;
Provides key-recoverability to security administrators in the organization;
Allows organizational control and user/application selection of cryptographic algorithms;
Provides promiscuous mode operations for use by network security monitors and auditors;
Has a production cost that is affordable to most government, institutional, and commercial organizations;
May be produced in both unclassified and classified (Type 1) versions while maintaining data compatibility; and
Provides a clear and simple path for future development and integration with emerging technologies.
It is further an objective of the present invention to provide the integration of CKM into NIC hardware, with a major focus on functional designs within the CKM key management and cryptographic systems.
Although the methods of applying CKM functionality to a NIC application are discussed at length, CKM key management, distribution, and cryptography are not discussed directly; these topics are discussed in detail in the incorporated references listed above. Likewise, issues regarding user authentication, login, session expiration, and token and SmartCard storage are discussed in these references.